Page MenuHomePhabricator

Password strength judgment upon logon, then password change
Closed, ResolvedPublic

Description

Author: ral315

Description:
MediaWiki should, upon first logon, grab an existing user's password, and give
it some sort of rating based on password strength (vulnerability to dictionary
attacks, lowercase, uppercase, numbers, special characters, etc.) If an
administrator has a low password rating, it should give them a stern warning
that they should change their password immediately.

At the change password screen in "my preferences", a password meter, similar to
Gmail's (visit gmail.com, click "Sign up for Gmail", and type a password into
the form) should trigger, forcing a minimum password length, and showing a user
their password strength.

This meter would also show up upon the creation of a new account.

Ideally, this option, and things like minimum password length, rating at which
an admin is warned that their password is weak, etc., would be site-configurable
via the config file.


Version: unspecified
Severity: normal
OS: Windows XP
Platform: PC

Details

Reference
bz9834

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:43 PM
bzimport set Reference to bz9834.
bzimport added a subscriber: Unknown Object (MLST).

ayg wrote:

*** This bug has been marked as a duplicate of 3348 ***